Ride-hailing giant, Careem faced a data breach this year which led to data of 14 million customers getting stolen.
This Dubai based transportation network posted on their website in a blog saying, “Careem has identified a cyber-incident involving unauthorized access to the system we use to store data.”
The blog post read, “On January 14 of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected.”
In all, 14 million customers had their names, email address, phone number and the trip data stolen.
Careem added on their blog saying, “While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data.”
According to Emirati media, Careen was made aware of this cyber-attack after it was alerted to a message that the hacker had left on their system.
Careem has shared that they have started to take strong actions against this issue and to prevent it from happening in the future.
The ride-hailing service wrote, “As soon as we detected the breach, we launched a thorough investigation and engaged leading cyber-security experts to assist us in strengthening our security systems. We are also working with law enforcement agencies.”
They further added saying, “Throughout the incident, our priority has been to protect the data and privacy of our customers and captains. Since discovering the issue, we have worked to understand what happened, who was affected, and what we needed to do to strengthen our network defenses.”
When asked if the customers credit card details or passwords were compromised, Careen claimed that there has been no evidence of this, advising that this type of information is kept more secure, with them stating,
“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information.”
Moreover, the blog post went on to explain what customers can do to prevent such cyber-attacks and breaches in the future. Reiterating what is already well known advice they suggested customers do the following,
– Implement good password management by updating your Careem password, as well as other accounts on which you use similar details. Use a strong mix of characters, and try not to use the same password for multiple sites.
– Remain cautious of any unsolicited communications that ask for personal information or refer to a web page asking for personal information
– Avoid clicking on links or downloading attachments from unfamiliar emails
– Continue to review bank account and credit card statements for suspicious activity – if you see anything unexpected, call your bank
They also added saying, “Careem understands the importance of your privacy. We regularly review and update our security systems – this time it wasn’t enough to prevent an attack. While no organization is completely immune to the threat of cybercrime, we are committed to meeting these threats and protecting the privacy and data of those that have placed their trust in us.”
Rest assured, Careem claims that they have learned from this experience and plan to come out a stronger and a more resilient organization.